'Malware' and X
Grizzled Veteran
Join Date: Jan 2001
Status:
Offline
|
|
I'm starting to get a few notices, one w Firefox and one w Safari, that Google is warning me that those sites have been 'hacked' w malware that might be installed without my permission.
Is it not true that this is still only a problem for PCs?
thanks
|
|
MacPro 2.66 dual 3GB RAM 1.5 TB HD's
24" + 21" Samsung flat panels
Miglia mini HD (Great!)
|
| |
|
|
|
 |
|
 |
|
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Status:
Offline
|
|
It is not true that this is still only a problem for PCs.
There is malware for Macs actively distributed (e.g. DNS changer trojan).
|
|
|
| |
|
|
|
 |
|
 |
|
Posting Junkie
Join Date: Oct 2000
Location: Los Angeles
Status:
Offline
|
|
However, it is very rare that you'll run into the few trojans out there written for OS X, and thus far they have all required the user to actively install them.
On the other hand, a cross platform, Java-based proof of vulnerability was developed recently. It took Apple far too long to patch it.
|

PPC4Ever
|
| |
|
|
|
 |
|
 |
|
Administrator 
Join Date: Apr 2001
Location: San Antonio TX USA
Status:
Offline
|
|
The majority of hacked web pages (or as I prefer to call them, "malicious web pages") are aimed at Windows vulnerabilities. The VAST majority. And when Google or Firefox or whatever warns you about a page, it's warning you about a Windows issue.
However, while there ARE items of OS X-targeting malware around, I'm not aware of any that do anything without the user's explicit permission. This should lead everyone to two very strong rules: NEVER give permission for anything to install or otherwise access your Mac unless you're 100% sure it's legitimate, and if you think you're about to get something for nothing, think very hard about just exactly what you're about to get, because it's probably BAD.
|
|
Glenn -----
MOT, OTR, TxLic
|
| |
|
|
|
 |
|
 |
|
Grizzled Veteran
Join Date: Jan 2001
Status:
Offline
|
|
many thanks for these fine replies!

|
|
MacPro 2.66 dual 3GB RAM 1.5 TB HD's
24" + 21" Samsung flat panels
Miglia mini HD (Great!)
|
| |
|
|
|
 |
|
 |
|
Posting Junkie
Join Date: Oct 2000
Location: Los Angeles
Status:
Offline
|
|
Originally Posted by ghporter
I'm not aware of any that do anything without the user's explicit permission.
That Java exploit is one prominent counter-example - it could have been used to write malware that would execute without user permission.
|

PPC4Ever
|
| |
|
|
|
 |
|
 |
|
Administrator 
Join Date: Apr 2001
Location: San Antonio TX USA
Status:
Offline
|
|
I did specify "OS X-targeted" malware. Java exploits are cross platform. And I think "safe surfing" is still a viable method of avoiding the Java exploit. Know where you're surfing, know what you're downloading, and know WHY you're downloading it - all very good rules to follow.
|
|
Glenn -----
MOT, OTR, TxLic
|
| |
|
|
|
 |
|
 |
|
Moderator 
Join Date: Oct 2001
Location: San Diego, CA, USA
Status:
Offline
|
|
AFAIK the Java exploit was OS X-specific.
At any rate, malware is not really a problem on OS X. There are a few pieces of malware out in the wild, but they're relatively weak. I do not personally know anyone who has been hit by it. In general, you're pretty safe.
I still don't recommend doing stupid things, though. And always keep a backup.
|
|
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
|
| |
|
|
|
 |
|
 |
|
Posting Junkie
Join Date: Oct 2000
Location: Los Angeles
Status:
Offline
|
|
It was based on a cross platform Java security hole, but the particular proof of concept implementation may have been OS X specific.
|

PPC4Ever
|
| |
|
|
|
 |
|
 |
|
Mac Enthusiast
Join Date: Jul 2006
Status:
Offline
|
|
Originally Posted by Big Mac
That Java exploit is one prominent counter-example - it could have been used to write malware that would execute without user permission.
Would that be true of a standard account as opposed to an admin account?
|
|
|
| |
|
|
|
 |
|
 |
|
Professional Poster
Join Date: Jan 2002
Location: London, UK
Status:
Offline
|
|
It can only execute with the permissions of the user, so if you are running a standard account, it wouldn't have been able to do any damage other than to your own account.
|
------
24" iMac, 2.8Ghz Intel C2D, 4GB RAM, Mac OS X 10.6.1
15" Powerbook, 1.5GHz PPC G4, 1.5GB RAM, MacOS X 10.5.8
Please visit The Land Gallery for British Fine Art inspired by nature and landscape.
|
| |
|
|
|
 |
|
 |
|
Grizzled Veteran
Join Date: Jan 2001
Status:
Offline
|
|
of further curiosity:
how would one know if one had one of these cross platform items installed?
how would one look for it?
thanks again!
|
|
MacPro 2.66 dual 3GB RAM 1.5 TB HD's
24" + 21" Samsung flat panels
Miglia mini HD (Great!)
|
| |
|
|
|
 |
|
 |
|
Posting Junkie
Join Date: Oct 2000
Location: Los Angeles
Status:
Offline
|
|
If you're particularly security conscious, here are my recommendations:
1. Run as a normal user unless there's some particular reason you have to run as admin for a limited period of time. You can gain admin privileges when installing most pieces of software by authenticating as admin when prompted. It may make things a little more difficult occasionally but it adds a layer of security.
2. Think before you install something you've downloaded. This one's pretty easy, but if you suddenly find that some site has randomly downloaded a piece of software and has an installer open for you to install it, DON'T click to install.
3. Keep your Java and Flash software up to date. Uninstall Adobe Reader and rely on Preview + the native webkit PDF viewer for your PDF needs.
4. Use a hardware router (NAT + firewall)
|

PPC4Ever
|
| |
|
|
|
 |
|
 |
|
Professional Poster
Join Date: Jan 2002
Location: London, UK
Status:
Offline
|
|
Originally Posted by rotuts
of further curiosity:
how would one know if one had one of these cross platform items installed?
how would one look for it?
thanks again!
/Library/Internet Plug-Ins and ~/Library/Internet Plug-Ins
Java and Flash will probably be present on every platform. AdobePDFViewer will be dominant on Windows, but less prevalent on the Mac. However, those three are the most common attack vectors due to their ubiquity (and in the case of the Adobe software, their horrendous bugginess).
If you never use any websites that make use of Java (and who does these days?), then you can just turn it off in your browser. Flash is obviously used by a lot of websites, so you need to keep it up to date, and you could also use something like Click-to-Flash (also an internet plug-in, free) to block Flash content from loading until you click it. AdobePDFViewer is only needed if you need access to PDFs that are of version 1.6 format or higher (Preview only supports up to PDF version 1.5) and only if you want to view them within your browser. You can keep Adobe Reader installed but disable the internet plug-in if you wish.
|
------
24" iMac, 2.8Ghz Intel C2D, 4GB RAM, Mac OS X 10.6.1
15" Powerbook, 1.5GHz PPC G4, 1.5GB RAM, MacOS X 10.5.8
Please visit The Land Gallery for British Fine Art inspired by nature and landscape.
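The plug-in check described in the post above, as an added example that is not part of the original thread: a shell script that lists every bundle in the two Internet Plug-Ins folders with its identifier and version, so outdated Java, Flash or AdobePDFViewer plug-ins are easy to spot. The function names and the "review" tag are made up for this illustration, and only XML-format Info.plist files are parsed.

```shell
#!/bin/sh
# Added example: inventory browser plug-in bundles in the two folders the post names.
# Function names and the "review" tag are made up for this illustration.

# Print the <string> that follows <key>$2</key> in an XML Info.plist ($1).
# Binary plists yield nothing (reported as "unknown"); on a Mac,
# `plutil -convert xml1 -o - FILE` gives the XML form.
plist_value() {
    awk -v key="$2" '
        index($0, "<key>" key "</key>") { found = 1; next }
        found {
            if (match($0, /<string>[^<]*<\/string>/))
                print substr($0, RSTART + 8, RLENGTH - 17)
            exit
        }' "$1"
}

# One tab-separated line per bundle: folder, bundle, identifier, version, tag.
list_plugins() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for bundle in "$dir"/*; do
            [ -e "$bundle" ] || continue
            name=$(basename "$bundle")
            plist="$bundle/Contents/Info.plist"
            id=""; ver=""
            if [ -f "$plist" ]; then
                id=$(plist_value "$plist" CFBundleIdentifier)
                ver=$(plist_value "$plist" CFBundleShortVersionString)
                [ -n "$ver" ] || ver=$(plist_value "$plist" CFBundleVersion)
            fi
            # Heuristic: tag the plug-in families the post calls common attack vectors.
            case "$name" in
                *[Jj]ava*|*[Ff]lash*|*AdobePDFViewer*) tag="review" ;;
                *) tag="-" ;;
            esac
            printf '%s\t%s\t%s\t%s\t%s\n' "$dir" "$name" "${id:-unknown}" "${ver:-unknown}" "$tag"
        done
    done
}

# System-wide and per-user folders from the post.
list_plugins "/Library/Internet Plug-Ins" "$HOME/Library/Internet Plug-Ins"
```

Bundles tagged "review" are the ones to compare against the vendor's current release; an entry you do not recognise at all is worth looking up by its identifier.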
|
| |
|
|
|
 |
|
 |
|
Posting Junkie
Join Date: Oct 2000
Location: Los Angeles
Status:
Offline
|
|
I think rotuts was asking how to determine if malware were installed.
|

PPC4Ever
|
| |
|
|
|
 |
|
 |
|
Grizzled Veteran
Join Date: Jan 2001
Status:
Offline
|
|
this is all very interesting and informative.
again, how might one check to see if some Java malware got installed?
do the websites that get the Google alert then change themselves?
thanks!
|
|
MacPro 2.66 dual 3GB RAM 1.5 TB HD's
24" + 21" Samsung flat panels
Miglia mini HD (Great!)
|
| |
|
|
|
 |
|
 |
|
Posting Junkie
Join Date: Oct 2000
Location: Los Angeles
Status:
Offline
|
|
The Java exploit was shown as a proof of concept, not as actual malware. Apple has since patched it. There have been no reports of that exploit actually having been actively exploited by any site. If you have used Software Update to get the Java update, you're no longer vulnerable.
As for Google malware site alerts, check out this Google discussion thread on the topic: Why is my website still flagged as malicious with warning page - Why? - Webmaster Help
|

PPC4Ever
|
| |
|
|
|
 |
|
 |
|
Grizzled Veteran
Join Date: Jan 2001
Status:
Offline
|
|
thanks for all this help
I found a Firefox add-on called NoScript and added it
now I have to learn what all these scripts mean!
thanks!
|
|
MacPro 2.66 dual 3GB RAM 1.5 TB HD's
24" + 21" Samsung flat panels
Miglia mini HD (Great!)